| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 143898 | 2017-05-09 05:51:00 | HJT log | Lurking (218) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1435051 | 2017-05-09 05:51:00 | Could some kind person check the above log thanks: Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 4:48:20 p.m., on 9/05/2017 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.ex e C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft Security Client\msseces.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Everything\Everything.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateCore.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - oas.support.microsoft.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - www.update.microsoft.com O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - download.eset.com O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 6003 bytes lurking. |
Lurking (218) | ||
| 1435052 | 2017-05-09 10:46:00 | Could some kind person check the above log thanks: Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 4:48:20 p.m., on 9/05/2017 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.ex e C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft Security Client\msseces.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Everything\Everything.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateCore.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - oas.support.microsoft.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - www.update.microsoft.com O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - download.eset.com O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 6003 bytes lurking. Copy/paste into : hijackthis.de website window. You'll get instant results. |
notechyet (4479) | ||
| 1435053 | 2017-05-09 11:26:00 | Thanks for that. lurking. |
Lurking (218) | ||
| 1435054 | 2017-05-09 22:37:00 | O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe not malware, but get rid of it anyway (in fact, consider removing Nero ) There is zero need for Nero to be indexing your hard drive. Just more bloatware Also make sure MSSE is patched , make sure Winupates is up to date and indexing tools can sometimes cause issues . C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Everything\Everything.exe C:\WINDOWS\system32\cidaemon.exe |
1101 (13337) | ||
| 1435055 | 2017-05-10 00:43:00 | 1101, thanks for that. This XP PC is son-in-law's gift to us and he used to burn a lot of music cds', he was in a band. Quite a pile of Nero entries to remove, but will do. Reason I posted HJT log !, I seem to be on MS list of XP users still getting their security updates and the latest one caused a problem with OE Inward mail box and mail from 25 Mar to 8 May have disappeared, I do have replies to them in the Sent Box. The reason for the deleting probably arises from the Restore function and believe it or not it's the very first time XP has done it from a reliable date of the 25 March 2017. The site that notechyet gave Spybot a (?) mark and I cant find that program anywhere but on HJT log.... lurking. |
Lurking (218) | ||
| 1435056 | 2017-05-10 02:13:00 | a problem with OE Inward mail box and mail from 25 Mar to 8 May have disappeared, I do have replies to them in the Sent Box . Is this a known issue with a particular update ? or just the inbox mail store corrupted, or AV going in & deleting a bunch of email OE has a separate store for inbox, sent etc . If inbox gets close to 2Gb in size, bad things happen (corruption) If anything on that PC is of any importance, email, docs etc: make sure you get a good external backup . Its getting old :) Have a look in the log files (control panel, administrative tools, logs) . |
1101 (13337) | ||
| 1435057 | 2017-05-10 11:11:00 | Is this a known issue with a particular update ? or just the inbox mail store corrupted, or AV going in & deleting a bunch of email OE has a separate store for inbox, sent etc . If inbox gets close to 2Gb in size, bad things happen (corruption) If anything on that PC is of any importance, email, docs etc: make sure you get a good external backup. Its getting old :) Have a look in the log files (control panel, administrative tools, logs) . Auto updates so don't know it's relevance. Just the emails from that latest update 25 Mar. No AV except for MS. Inbox 400,000kb Sent 500,00kb Would like to know their store references, only showing .dbx for them all and Dr Google says they are a p r i c k to re-establish and you have to pay for the software to get them back. Most important stuff (excluding OE0 is copied to external 750gig drive. No logs under your last sentence. Thanks again, lurking. |
Lurking (218) | ||
| 1435058 | 2017-05-10 22:29:00 | Would like to know their store references, only showing .dbx for them all and Dr Google says they are a p r i c k to re-establish and you have to pay for the software to get them back. huh ?? inbox.dbx, sent.dbx etc etc If you lost a few weeks emails , either - the dbx is corrupt : expect lots more issues . - they were accidentally deleted or moved . OE is long long obeselete. Seriously consider moving to another email program. OE will only cause you more grief now, especially since its giving issues allready. Ive never found any free software to recover OE dbx or missing email. Expect things to get worse (seriously) |
1101 (13337) | ||
| 1 | |||||